#!/bin/bash -e
# Copyright (C) 2022 Simo Sorce <simo@redhat.com>
# SPDX-License-Identifier: Apache-2.0

source "${TESTSSRCDIR}/helpers.sh"

if [[ "$NSS_FIPS" = "1" ]] && [[ "$TOKENTYPE" = "softokn" ]]; then
    title "ECDH tests are not supported in FIPS for softokn token -- skipping"
    exit 77;
fi

title PARA "HKDF Derivation"
export HKDF_HEX_SECRET=ffeeddccbbaa
export HKDF_HEX_SALT=ffeeddccbbaa
export HKDF_HEX_INFO=ffeeddccbbaa
ossl '
pkeyutl -derive -kdf HKDF -kdflen 48
                -pkeyopt md:SHA256
                -pkeyopt mode:EXTRACT_AND_EXPAND
                -pkeyopt hexkey:${HKDF_HEX_SECRET}
                -pkeyopt hexsalt:${HKDF_HEX_SALT}
                -pkeyopt hexinfo:${HKDF_HEX_INFO}
                -out ${TMPPDIR}/hkdf1-out-pkcs11.bin
                -propquery provider=pkcs11'
ossl '
pkeyutl -derive -kdf HKDF -kdflen 48
                -pkeyopt md:SHA256
                -pkeyopt mode:EXTRACT_AND_EXPAND
                -pkeyopt hexkey:${HKDF_HEX_SECRET}
                -pkeyopt hexsalt:${HKDF_HEX_SALT}
                -pkeyopt hexinfo:${HKDF_HEX_INFO}
                -out ${TMPPDIR}/hkdf1-out.bin'
diff "${TMPPDIR}/hkdf1-out-pkcs11.bin" "${TMPPDIR}/hkdf1-out.bin"

export HKDF_HEX_SECRET=6dc3bcf529a350e0423befb3deef8aef78d912c4f1dc3e6e52bf61f681e40904
export HKDF_SALT="I'm a Salt!"
export HKDF_INFO="And I'm an Info?"
ossl '
pkeyutl -derive -kdf HKDF -kdflen 48
                -pkeyopt md:SHA256
                -pkeyopt mode:EXTRACT_AND_EXPAND
                -pkeyopt hexkey:${HKDF_HEX_SECRET}
                -pkeyopt salt:"${HKDF_SALT}"
                -pkeyopt info:"${HKDF_INFO}"
                -out ${TMPPDIR}/hkdf2-out-pkcs11.bin
                -propquery provider=pkcs11'
ossl '
pkeyutl -derive -kdf HKDF -kdflen 48
                -pkeyopt md:SHA256
                -pkeyopt mode:EXTRACT_AND_EXPAND
                -pkeyopt hexkey:${HKDF_HEX_SECRET}
                -pkeyopt salt:"${HKDF_SALT}"
                -pkeyopt info:"${HKDF_INFO}"
                -out ${TMPPDIR}/hkdf2-out.bin'
diff "${TMPPDIR}/hkdf2-out-pkcs11.bin" "${TMPPDIR}/hkdf2-out.bin"
